diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix index 6560cff63282..7cc172f12558 100644 --- a/nixos/modules/services/cluster/kubernetes/default.nix +++ b/nixos/modules/services/cluster/kubernetes/default.nix @@ -276,6 +276,30 @@ in { wantedBy = [ "multi-user.target" ]; }; + systemd.targets.kube-control-plane-online = { + wantedBy = [ "kubernetes.target" ]; + before = [ "kubernetes.target" ]; + }; + + systemd.services.kube-control-plane-online = rec { + description = "Kubernetes control plane is online"; + wantedBy = [ "kube-control-plane-online.target" ]; + after = [ "kube-scheduler.service" "kube-controller-manager.service" ]; + before = [ "kube-control-plane-online.target" ]; + environment.KUBECONFIG = cfg.lib.mkKubeConfig "default" cfg.kubeconfig; + path = [ pkgs.kubectl ]; + preStart = '' + until kubectl get --raw=/healthz 2>/dev/null; do + echo kubectl get --raw=/healthz: exit status $? + sleep 3 + done + ''; + script = "echo Ok"; + serviceConfig = { + TimeoutSec = "500"; + }; + }; + systemd.tmpfiles.rules = [ "d /opt/cni/bin 0755 root root -" "d /run/kubernetes 0755 kubernetes kubernetes -" @@ -300,28 +324,7 @@ in { then cfg.apiserver.advertiseAddress else "${cfg.masterAddress}:${toString cfg.apiserver.securePort}"}"); - systemd.targets.kube-control-plane-online = { - wantedBy = [ "kubernetes.target" ]; - before = [ "kubernetes.target" ]; - }; - - systemd.services.kube-control-plane-online = rec { - description = "Kubernetes control plane is online"; - wantedBy = [ "kube-control-plane-online.target" ]; - after = [ "kube-scheduler.service" "kube-controller-manager.service" ]; - before = [ "kube-control-plane-online.target" ]; - preStart = '' - ${cfg.lib.mkWaitCurl ( with config.systemd.services.kube-control-plane-online; { - sleep = 3; - path = "/healthz"; - cacert = cfg.caFile; - } // optionalAttrs (environment ? cert) { inherit (environment) cert key; })} - ''; - script = "echo Ok"; - serviceConfig = { - TimeoutSec = "500"; - }; - }; + services.kubernetes.kubeconfig.server = mkDefault cfg.apiserverAddress; }) ]; } diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix index 6396ec229073..1d0232fa2358 100644 --- a/nixos/modules/services/cluster/kubernetes/pki.nix +++ b/nixos/modules/services/cluster/kubernetes/pki.nix @@ -283,12 +283,6 @@ in }; }; - systemd.services.kube-control-plane-online.environment = let - client = with cfg.certs; if top.apiserver.enable then clusterAdmin else kubelet; - in { - inherit (client) cert key; - }; - environment.etc.${cfg.etcClusterAdminKubeconfig}.source = mkIf (!isNull cfg.etcClusterAdminKubeconfig) (top.lib.mkKubeConfig "cluster-admin" clusterAdminKubeconfig);